Reporting Security Problems

Physical Security

PagerDuty uses ISO 27001 and FISMA certified data centers. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, biometric locks and other electronic means. Only authorized personnel have access to the data center.

System and Software Security

The PagerDuty system infrastructure is updated regularly with the latest security patches. All of our servers run hardened, patched operating systems. We employ dedicated firewalls and VPN services to block unauthorized system access.

We also employ an internal team of software engineers and dev-ops engineers to keep our software and its dependencies up to date eliminating potential security vulnerabilities. This team carefully audits and tests all software components that affect the overall security of the system.

Communications

All account-specific data exchanged with PagerDuty is transmitted over SSL. The PagerDuty APIs support SSL.

Data Security and Backups

All customer data is written to multiple disks instantly in multiple disparate data centers. We use a minimum of three different data centers to store all customer data.

We back up customer data on a daily basis to an offsite location.

Employee Access

No PagerDuty employees ever access accounts unless required to for support reasons. Support representatives have all signed Non-Disclosure Agreements with PagerDuty. No changes will happen to your account without you being notified. We strive to pre-announce any changes to the system that will affect your use in any way.

Skyhigh Networks performs objective and thorough evaluations of the enterprise-readiness of cloud service based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Services designated as Skyhigh Enterprise-Ready are the services receiving the highest CloudTrust™ Ratings, which fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.